robertm
New Contributor

AOS Firewall Event Message of "CRYPTO_IKE.NEGOTIATION Intoto_RSA_mod_exp"

We recently upgraded our AOS to the FW version of R13.10.0 and we see the below crypto IKE message on the CLI session. Does anybody know what this means?

We see this message on a NV6310 with a VPN tunnel that was set up before the FW upgrade to R13.10.0 version. Before the FW upgrade we didn't have this message.

 

CRYPTO_IKE.NEGOTIATION Intoto_RSA_mod_exp :: Base, Exponent & Modulus must be 2048 bits or less

0 Kudos
2 Replies

Re: AOS Firewall Event Message of "CRYPTO_IKE.NEGOTIATION Intoto_RSA_mod_exp"

Sounds like somebody is trying to connect with a cypher that's too big.  Is the connection working?  If not, somebody may have to step down to 512 or 1024.

mkiwiet
New Contributor

Re: AOS Firewall Event Message of "CRYPTO_IKE.NEGOTIATION Intoto_RSA_mod_exp"

I have a similar issue - my tunnel stays up for 24 hours exactly - I believe that's because that is what the SA timer is set for.

After working perfectly for 24 hours, the Layer 3 on top of the GRE stops working.

If I do a "show crypto ike" I will still see the SA as "MATURE" and it should be working, but it doesn't.

If I reboot the router, the tunnel and VPN recover with no issue.

This is an OLD problem that I've worked with Adtran on before and never got anywhere.

Finally - to solve the issue - I hacked the startup configuration file and inserted a "RELOAD IN 1440" then "Y" and another "Y" into the startup config.  Then I rebooted the Adtran at 10pm one night.  This resulted in a daily reboot of the device around 10pm every day.

Ugly fix - but it worked.